如何在CentOS 8上安装Docker

文章出处：

https://linoxide.com/linux-how-to/how-to-install-docker-on-centos/

CentOS 8带有自己的工具buildah和podman，它们与现有的docker映像兼容，并且无需依赖守护程序即可工作，从而允许以普通用户身份创建容器，而无需特殊权限。

这些工具仍然有一些限制，因此在本教程中，我们将了解如何使用官方Docker存储库在Centos 8上安装和运行原始Docker CE。

什么是Docker？

Docker是一个开源项目，它允许在容器内创建和分发应用程序，这些容器是可以独立于主机系统轻松复制的标准化环境。

添加Docker存储库

首先，我们必须添加一个外部存储库以获得Docker CE。我们将使用官方的Docker CE CentOS存储库。除了其他功能外，DNF config-manager实用程序使我们能够轻松地启用或禁用CentOS中的存储库。默认情况下，在CentOS 8上仅启用appstream和baseos存储库。下一步是也添加并启用docker-ce repo。要完成此任务，我们要做的就是运行以下命令：

$ sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo

Adding repo from: https://download.docker.com/linux/centos/docker-ce.repo

We can verify that the repository has been enabled by typing the following dnf command:

$ sudo dnf repolist -v

....

Repo-id : docker-ce-stable

Repo-name : Docker CE Stable - x86_64

Repo-revision: 1567619328

Repo-updated : Wed 04 Sep 2019 05:48:48 PM UTC

Repo-pkgs : 51

Repo-size : 1.1 G

Repo-baseurl : https://download.docker.com/linux/centos/7/x86_64/stable

Repo-expire : 172,800 second(s) (last: Mon 30 Sep 2019 09:28:09 PM UTC)

Repo-filename: /etc/yum.repos.d/docker-ce.repo

Installing docker-ce package

The repository contains several versions of the docker-ce package, to display all of them, we can run:

$ dnf list docker-ce --showduplicates | sort -r

Extra Packages for Enterprise Linux 8 - x86_64 501 kB/s | 2.3 MB 00:04

docker-ce.x86_64 3:19.03.4-3.el7 docker-ce-stable

docker-ce.x86_64 3:19.03.3-3.el7 docker-ce-stable

docker-ce.x86_64 3:19.03.2-3.el7 docker-ce-stable

docker-ce.x86_64 3:19.03.1-3.el7 docker-ce-stable

docker-ce.x86_64 3:19.03.0-3.el7 docker-ce-stable

docker-ce.x86_64 3:18.09.9-3.el7 docker-ce-stable

docker-ce.x86_64 3:18.09.8-3.el7 docker-ce-stable

docker-ce.x86_64 3:18.09.7-3.el7 docker-ce-stable

docker-ce.x86_64 3:18.09.6-3.el7 docker-ce-stable

docker-ce.x86_64 3:18.09.5-3.el7 docker-ce-stable

docker-ce.x86_64 3:18.09.4-3.el7 docker-ce-stable

docker-ce.x86_64 3:18.09.3-3.el7 docker-ce-stable

docker-ce.x86_64 3:18.09.2-3.el7 docker-ce-stable

docker-ce.x86_64 3:18.09.1-3.el7 docker-ce-stable

docker-ce.x86_64 3:18.09.0-3.el7 docker-ce-stable

docker-ce.x86_64 18.06.3.ce-3.el7 docker-ce-stable

docker-ce.x86_64 18.06.2.ce-3.el7 docker-ce-stable

docker-ce.x86_64 18.06.1.ce-3.el7 docker-ce-stable

docker-ce.x86_64 18.06.0.ce-3.el7 docker-ce-stable

docker-ce.x86_64 18.03.1.ce-1.el7.centos docker-ce-stable

docker-ce.x86_64 18.03.0.ce-1.el7.centos docker-ce-stable

docker-ce.x86_64 17.12.1.ce-1.el7.centos docker-ce-stable

docker-ce.x86_64 17.12.0.ce-1.el7.centos docker-ce-stable

docker-ce.x86_64 17.09.1.ce-1.el7.centos docker-ce-stable

docker-ce.x86_64 17.09.0.ce-1.el7.centos docker-ce-stable

docker-ce.x86_64 17.06.2.ce-1.el7.centos docker-ce-stable

docker-ce.x86_64 17.06.1.ce-1.el7.centos docker-ce-stable

docker-ce.x86_64 17.06.0.ce-1.el7.centos docker-ce-stable

docker-ce.x86_64 17.03.3.ce-1.el7 docker-ce-stable

docker-ce.x86_64 17.03.2.ce-1.el7.centos docker-ce-stable

docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable

docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable

At the time being, installation of containerd.io > 1.2.0-3.el7 is blocked, which is a dependency of docker-ce. Because of this, we have to work around this problem. However, another problem is present. As long as firewalld, the system firewall manager is enabled, DNS resolution inside docker containers does not work.

For the time being this is the only way to install docker-ce. We will update the article once the proper centos 8 package becomes available.

We will now install the docker with the following command:

$ sudo dnf -y install docker-ce --nobest

Last metadata expiration check: 0:35:54 ago on Sun 20 Oct 2019 05:17:37 PM UTC.

Dependencies resolved.

Problem: package docker-ce-3:19.03.4-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed

- cannot install the best candidate for the job

- package containerd.io-1.2.10-3.2.el7.x86_64 is excluded

- package containerd.io-1.2.2-3.3.el7.x86_64 is excluded

- package containerd.io-1.2.2-3.el7.x86_64 is excluded

- package containerd.io-1.2.4-3.1.el7.x86_64 is excluded

- package containerd.io-1.2.5-3.1.el7.x86_64 is excluded

- package containerd.io-1.2.6-3.3.el7.x86_64 is excluded

================================================================================

Package Arch Version Repository Size

================================================================================

Installing:

docker-ce x86_64 3:18.09.1-3.el7 docker-ce-stable 19 M

Installing dependencies:

container-selinux noarch 2:2.94-1.git1e99f1d.module_el8.0.0+58+91b614e7

AppStream 43 k

libcgroup x86_64 0.41-19.el8 BaseOS 70 k

containerd.io x86_64 1.2.0-3.el7 docker-ce-stable 22 M

docker-ce-cli x86_64 1:19.03.4-3.el7 docker-ce-stable 39 M

Enabling module streams:

container-tools rhel8

Skipping packages with broken dependencies:

docker-ce x86_64 3:19.03.4-3.el7 docker-ce-stable 24 M

Transaction Summary

================================================================================

Install 5 Packages

Skip 1 Package

Total download size: 80 M

Installed size: 338 M

Downloading Packages:

(1/5): container-selinux-2.94-1.git1e99f1d.modu 314 kB/s | 43 kB 00:00

(2/5): libcgroup-0.41-19.el8.x86_64.rpm 470 kB/s | 70 kB 00:00

(3/5): containerd.io-1.2.0-3.el7.x86_64.rpm 3.1 MB/s | 22 MB 00:07

(4/5): docker-ce-18.09.1-3.el7.x86_64.rpm 2.6 MB/s | 19 MB 00:07

(5/5): docker-ce-cli-19.03.4-3.el7.x86_64.rpm 2.6 MB/s | 39 MB 00:15

--------------------------------------------------------------------------------

Total 4.5 MB/s | 80 MB 00:17

warning: /var/cache/dnf/docker-ce-stable-091d8a9c23201250/packages/containerd.io-1.2.0-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY

Docker CE Stable - x86_64 1.4 kB/s | 1.6 kB 00:01

Importing GPG key 0x621E9F35:

Userid : "Docker Release (CE rpm) "

Fingerprint: 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35

From : https://download.docker.com/linux/centos/gpg

Key imported successfully

Running transaction check

Transaction check succeeded.

Running transaction test

Transaction test succeeded.

Running transaction

Preparing : 1/1

Installing : docker-ce-cli-1:19.03.4-3.el7.x86_64 1/5

Running scriptlet: docker-ce-cli-1:19.03.4-3.el7.x86_64 1/5

Installing : containerd.io-1.2.0-3.el7.x86_64 2/5

Running scriptlet: containerd.io-1.2.0-3.el7.x86_64 2/5

Running scriptlet: libcgroup-0.41-19.el8.x86_64 3/5

Installing : libcgroup-0.41-19.el8.x86_64 3/5

Running scriptlet: libcgroup-0.41-19.el8.x86_64 3/5

Installing : container-selinux-2:2.94-1.git1e99f1d.module_el8.0.0 4/5

Running scriptlet: container-selinux-2:2.94-1.git1e99f1d.module_el8.0.0 4/5

Running scriptlet: docker-ce-3:18.09.1-3.el7.x86_64 5/5

Installing : docker-ce-3:18.09.1-3.el7.x86_64 5/5

Running scriptlet: docker-ce-3:18.09.1-3.el7.x86_64 5/5

Verifying : container-selinux-2:2.94-1.git1e99f1d.module_el8.0.0 1/5

Verifying : libcgroup-0.41-19.el8.x86_64 2/5

Verifying : containerd.io-1.2.0-3.el7.x86_64 3/5

Verifying : docker-ce-3:18.09.1-3.el7.x86_64 4/5

Verifying : docker-ce-cli-1:19.03.4-3.el7.x86_64 5/5

Installed:

docker-ce-3:18.09.1-3.el7.x86_64

container-selinux-2:2.94-1.git1e99f1d.module_el8.0.0+58+91b614e7.noarch

libcgroup-0.41-19.el8.x86_64

containerd.io-1.2.0-3.el7.x86_64

docker-ce-cli-1:19.03.4-3.el7.x86_64

Skipped:

docker-ce-3:19.03.4-3.el7.x86_64

Complete!

Now we must enable docker service:

$ sudo systemctl enable --now docker

Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.

We can check if the service is running as it should:

$ systemctl status docker

● docker.service - Docker Application Container Engine

Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor pres>

Active: active (running) since Sun 2019-10-20 18:00:45 UTC; 2min 12s ago

Docs: https://docs.docker.com

Main PID: 2856 (dockerd)

Tasks: 21

Memory: 53.2M

CGroup: /system.slice/docker.service

├─2856 /usr/bin/dockerd -H fd://

└─2873 containerd --config /var/run/docker/containerd/containerd.tom>

From this, we can see that everything is ok.

Adding user to docker group

The docker group is created, but no users are added to the group. Add your user to this group to run docker commands without sudo.

$ sudo usermod -aG docker $USER

$ id $USER

uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant),988(docker)

Logout and Login again to use Docker without sudo. We can check the docker version with:

$ newgrp docker

$ docker version

Client: Docker Engine - Community

Version: 19.03.4

API version: 1.39 (downgraded from 1.40)

Go version: go1.12.10

Git commit: 9013bf583a

Built: Fri Oct 18 15:52:22 2019

OS/Arch: linux/amd64

Experimental: false

Server: Docker Engine - Community

Engine:

Version: 18.09.1

API version: 1.39 (minimum version 1.12)

Go version: go1.10.6

Git commit: 4c52b90

Built: Wed Jan 9 19:06:30 2019

OS/Arch: linux/amd64

Experimental: false

Test docker installation by pulling the test image

We can now pull the alpine docker container image to test our installed docker:

$ docker pull alpine

Using default tag: latest

latest: Pulling from library/alpine

9d48c3bd43c5: Pull complete

Digest: sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb

Status: Downloaded newer image for alpine:latest

docker.io/library/alpine:latest

List downloaded container images:

$ docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

alpine latest 961769676411 2 months ago 5.58MB

Verify that Docker CE is working correctly by running the alpine container from the downloaded image.

$ docker run -it --rm alpine /bin/sh

/ # apk update

fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz

ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.10/main: temporary error (try again later)

WARNING: Ignoring APKINDEX.00740ba1.tar.gz: No such file or directory

fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz

ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.10/community: temporary error (try again later)

WARNING: Ignoring APKINDEX.d8b2a6f4.tar.gz: No such file or directory

2 errors; 14 distinct packages available

/ # exit

We see here that we get errors trying to update with "apk update".

As said before, in order to make DNS resolution work inside Docker containers, we must disable firewalld (a system reboot may be also needed):

$ sudo systemctl disable firewalld

Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.

Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

After reboot we will try again apk update:

$ docker run -it --rm alpine /bin/sh/ # apk updatefetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gzfetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gzv3.10.2-189-g393dc02e8c [http://dl-cdn.alpinelinux.org/alpine/v3.10/main]v3.10.2-189-g393dc02e8c [http://dl-cdn.alpinelinux.org/alpine/v3.10/community]OK: 10337 distinct packages available/ # exitAnd now it works. This is not a good solution, but for now, this is the only way. Now you canssh into dockerand start using it.

Conclusion

At this time there is no official Centos 8 docker package. For now, we have to use this workaround to use the official Docker. In this tutorial, we have learned how to install and use Docker and docker images with the only workaround known at this time.